You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ss...@apache.org on 2015/06/03 07:39:13 UTC
hbase git commit: HBASE-13826 Unable to create table when group acls
are appropriately set.
Repository: hbase
Updated Branches:
refs/heads/master 722fd1706 -> fad545652
HBASE-13826 Unable to create table when group acls are appropriately set.
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/fad54565
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/fad54565
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/fad54565
Branch: refs/heads/master
Commit: fad545652fc330d11061a1608e7812dade7f0845
Parents: 722fd17
Author: Srikanth Srungarapu <ss...@cloudera.com>
Authored: Tue Jun 2 22:37:41 2015 -0700
Committer: Srikanth Srungarapu <ss...@cloudera.com>
Committed: Tue Jun 2 22:37:41 2015 -0700
----------------------------------------------------------------------
.../hbase/security/access/TableAuthManager.java | 10 +---------
.../security/access/TestAccessController2.java | 21 ++++++++++++++++++++
2 files changed, 22 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/fad54565/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
index a6ac4ae..543b3c0 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
@@ -392,7 +392,7 @@ public class TableAuthManager {
public boolean authorize(User user, String namespace, Permission.Action action) {
// Global authorizations supercede namespace level
- if (authorizeUser(user, action)) {
+ if (authorize(user, action)) {
return true;
}
// Check namespace permissions
@@ -431,14 +431,6 @@ public class TableAuthManager {
}
/**
- * Checks global authorization for a specific action for a user, based on the
- * stored user permissions.
- */
- public boolean authorizeUser(User user, Permission.Action action) {
- return authorize(globalCache.getUser(user.getShortName()), action);
- }
-
- /**
* Checks authorization to a given table and column family for a user, based on the
* stored user permissions.
*
http://git-wip-us.apache.org/repos/asf/hbase/blob/fad54565/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
index 24cd1d8..ecb3136 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
@@ -199,6 +199,27 @@ public class TestAccessController2 extends SecureTestUtil {
}
@Test
+ public void testCreateTableWithGroupPermissions() throws Exception {
+ grantGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+ AccessTestAction createAction = new AccessTestAction() {
+ @Override
+ public Object run() throws Exception {
+ HTableDescriptor desc = new HTableDescriptor(TEST_TABLE.getTableName());
+ desc.addFamily(new HColumnDescriptor(TEST_FAMILY));
+ try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
+ try (Admin admin = connection.getAdmin()) {
+ admin.createTable(desc);
+ }
+ }
+ return null;
+ }
+ };
+ verifyAllowed(createAction, TESTGROUP1_USER1);
+ verifyDenied(createAction, TESTGROUP2_USER1);
+ revokeGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+ }
+
+ @Test
public void testACLTableAccess() throws Exception {
final Configuration conf = TEST_UTIL.getConfiguration();